hadoop-hdfs-issues mailing list archives

From "Harsh J (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-10296) FileContext.getDelegationTokens() fails to obtain KMS delegation token
Date Thu, 21 Apr 2016 14:32:25 GMT

    [ https://issues.apache.org/jira/browse/HDFS-10296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15251966#comment-15251966 ]

Harsh J commented on HDFS-10296:
--------------------------------

We do special handling in DistributedFileSystem#addDelegationTokens to detect TDE features
and inject an additional KMS DT; this enhancement is missing in FileContext.

> FileContext.getDelegationTokens() fails to obtain KMS delegation token
> ----------------------------------------------------------------------
>
>                 Key: HDFS-10296
>                 URL: https://issues.apache.org/jira/browse/HDFS-10296
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: encryption
>    Affects Versions: 2.6.0
>         Environment: CDH 5.6 with a Java KMS
>            Reporter: Andreas Neumann
>
> This little program demonstrates the problem: With FileSystem, we can get both the HDFS and the kms-dt token, whereas with FileContext, we can only obtain the HDFS delegation token.
> {code}
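> import java.io.IOException;
> import java.util.List;
> import org.apache.hadoop.fs.FileContext;
> import org.apache.hadoop.fs.FileSystem;
> import org.apache.hadoop.fs.Path;
> import org.apache.hadoop.security.Credentials;
> import org.apache.hadoop.security.token.Token;
> import org.apache.hadoop.yarn.conf.YarnConfiguration;
>
> public class SimpleTest {
>   public static void main(String[] args) throws IOException {
>     YarnConfiguration hConf = new YarnConfiguration();
>     String renewer = "renewer";
>     // Tokens obtained through FileContext
>     FileContext fc = FileContext.getFileContext(hConf);
>     List<Token<?>> tokens = fc.getDelegationTokens(new Path("/"), renewer);
>     for (Token<?> token : tokens) {
>       System.out.println("Token from FC: " + token);
>     }
>     // Tokens obtained through FileSystem, collected into a fresh Credentials object
>     FileSystem fs = FileSystem.get(hConf);
>     for (Token<?> token : fs.addDelegationTokens(renewer, new Credentials())) {
>       System.out.println("Token from FS: " + token);
>     }
>   }
> }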
> {code}
> Sample output (host/user name x'ed out):
> {noformat}
> Token from FC: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:xxx, Ident: (HDFS_DELEGATION_TOKEN token 49 for xxx)
> Token from FS: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:xxx, Ident: (HDFS_DELEGATION_TOKEN token 50 for xxx)
> Token from FS: Kind: kms-dt, Service: xx.xx.xx.xx:16000, Ident: 00 04 63 64 61 70 07 72 65 6e 65 77 65 72 00 8a 01 54 16 96 c2 95 8a 01 54 3a a3 46 95 0e 02
> {noformat}
> Apparently FileContext does not return the KMS token. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
